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TITLE OF THE INVENTION 



PORTABLE SECURITY CONTAINER 



CLAIM OF PRIORITY 



This application makes reference to, incorporates the same herein, and claims all benefits 
accruing under from our earlier filing of Disclosure Document No. ^456,575 in the United States 
Patent & Trademark Office on the 19 th day of May 1999.. 



The present invention relates to processes and containers for controlling access to valuable 
items and, more particularly, to processes and systems for managing the security, access, use, siting 
and transportation of containers. 



In general, the need for protection and storage of valuables, sensitive information and 
controlled substances has increased over the past decade, particularly with the introduction of new 
forms of valuable tangible property such as the higher density optical and magnetic storage media. 
Contemporary offices rely upon one or more security devices such as mechanical locks placed upon 
cabinets, safes, doors and buildings to provide physical security for the interior of the office as well 
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Field of the Invention 



Background Art 
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as the contents distributed throughout the office during normal working hours. We have noticed 
however, that these approaches to office security do not provide any audit information about either 
the use of the security devices or about the personnel who use the devices. The need to control 
access as well as to provide an accurate record of personnel having access and the time of their 
access requires both physical and electronic security measures. In an office environment for 
example, items such as confidential papers, diskettes, engineering documents, and intrinsically 
valuable materials (such as, by way of example, gold electrical contacts ) other tangible items are 
most conveniently left exposed upon a counter, in an insecure state, during normal working hours. 
Although these items may be stored in cabinets or desk drawers after hours, the degree of the security 
provided is poor. Office fixtures are typically only secure temporarily and, in most cases, 
unauthorized access cannot be detected. Efforts such as the Electronic Interlock For Storage 
Assemblies of E. O. Warren, U.S. PatentNo. 5,225,825, and the Locker Unit Comprising A Plurality 
Of Lockers of K. Kletzmaier, et aL, U.S. PatentNo. 5,219,386 are exemplars of recent efforts in the 
art to electronically control access, albeit primarily access to stationary objects such as doors and 
safes, and to provide both physical security and audit information about the use of the security 
devices. Although some electronic access control systems do endeavor to provide access control and 
audit capabilities, others such as the Portable Authentification System of L. C. Puhl, et aL, U.S. 
Patent No. 5,131,038; the Electronic Lock And Key System of F. Rode, et aL, U.S. Patent No. 
4,727,369, the Fast Access Electronic Locking System of J. C. Spitzer, U.S. Patent No. 5,299,436; 
and the Portable Electronic Access Controlled System For Parking Meters Or The Like of Paul 
Benezet, U.S. Patent No. 5,278,395 do not consistently, inexpensively and reliably address the need 
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for transportation of assets between remote locations in a secure manner. We have found that the 
unauthorized and undetected access to sensitive information or materials during transit, or during 
storage, is a concern that has not previously been adequately addressed by the art. 

SUMMARY OF THE INVENTION 

It is therefore an object of the present invention to provide an improved security process and 
container. 

It is another object to provide a simplified security process and portable container that 
conforms to contemporary business office practice by securing valuable items for both storage and 
transportation to remote locations. 

It is yet another object to provide a security process and portable container that is readily and 
repeatedly usable to quickly receive, store and transport valuable items, while providing a log of the 
users who gain access to the container. 

It is still another object to provide a process and portable container to enhance the security 
of contemporary offices. 

It is still yet another object to provide a process and security container that readily conforms 
to habits and customs common to a contemporary business office while enabling local protection and 
remote transportation of items found within the environment of the contemporary office. 

It is a further object to provide a process and security container that readily conforms to 
habits and customs common to a broad spectrum of contemporary business offices while generating 
a log of users who have gained access to the container. 
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It is also an object to provide processes and systems for easily and reliably managing the 
security, access, use, siting and transportation of containers. 

These and other objects may be attained with a process that uses a data key to control access 
to a portable container. The container may be constructed with a housing having one or more walls 
supporting either a removable lid, or other panel providing access to the interior of the container. 
The container has \ closed interior while that panel is in complete engagement with one or more 
walls of the housing,\and an open interior able to removably receive items while the panel is 
dislodged from its compile engagement with the housing. A port is exposed through one of the 
walls of the container to receive data signals, and a control stage incorporating a non- volatile 
memory is operationally coupled\o provide communication with the interior of the container via the 
port. The controller generates a control signal in response to the occurrence of a coincidence 
between a data key received via the pWt and a data sequence obtained by the control stage in 
dependence upon information stored withiikthe memory. An electromechanical latch is positioned 
to engage the lid and hinder removal of the Ud irom its complete engagement, and to respond to the 
control signal by releasing the lid from its complete^ engagement to allow access to the interior of the 
container. A host computer sited externally to the container, communicates with the controller via 
the port, and drives the contain as a peripheral device. Ea response to a request for access entered 
via a keyboard coupled to the host computer and transmitted by one, or more, of the ports provided 
by the container, the controller makes a determination of whether to grant the access requested by 
generating a control signal that allows the lock to release the access panel on the basis of, inter alia, 
the disposition of the port relative to a source of the data signals, omthe basis of the disposition of 
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1 the contSHa^wrtfeiii^scheme for generation of the data signals, and in response to occurrence of a 

2 coincidence between a data key received^xontretiei^among the data signals via the port and a data 

3 sequence obtained by the controller in dependence upon the infonnationstored^tiiin the memory. 

4 These and other objects may also be attained with the control stage being operationally 

5 coupled to provide communication with the interior of the container via the port, and generate an 

6 alarm signal in response to an unauthorized interruption of the communication via the port. An 

7 alarm is driven by the controller to broadcast an indication of the unauthorized interruption in 

8 ^ response to the alarm signal. The alarm may be located either within the container or driven directly 

9™ by a host computer that is external to the container and that absent the interruption, communicates 

8V 

iqj= with the controller via the port. 

inn 

o 

i f BRIEF DESCRIPTION OF THE DRAWINGS 

A more complete appreciation of this invention, and many of the attendant advantages 

i^ thereof, will be readily apparent as the same becomes better understood by reference to the following 

6 

14 detailed description when considered in conjunction with the accompanying drawings in which like 

15 reference symbols indicate the same or similar components, wherein: 

16 Fig. 1 is a block diagram of one embodiment of a container management system that may be 
n constructed in accordance with the principles of the present invention; 

18 Fig. 2 is a perspective view of a portable container that may be constructed in accordance 

19 with the principles of the present invention; 

20 Fig. 3 illustrates the transport of a portable container between a host computer sited at an 
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origin and a host computer sited at a destination; 

Fig. 4 illustrates a typical implementation of a host computer connected to a container during 
the practice of the principles of the present invention; 

Fig. 5 illustrates the implementation of Fig. 4, with the access panel removed to provide 
access to the interior of the container; 

Fig. 6 illustrates the transport of a portable container between a host computer sited at an 
origin connected by a network to a host computer sited at a destination of the portable container; 

Fig. 7 illustrates an alternative implementation of the principles of the present invention with 
a host computer directly driving peripheral components that include a biometric scanner, a card 
reader and a portable container; 

Fig. 8 illustrates an alternative implementation with a cellular telephone controlling access 
to a portable container. 

Fig. 9 is a schematic block diagram illustrating an alternative embodiment of the present 
invention; 

Fig. 1 0 is a flowchart that illustrates one mode of operation of an embodiment of the present 
invention; 

Fig. 1 1 is a flowchart that illustrates another mode of operation of an embodiment of the 
present invention of an embodiment of the present invention; 

Figs. 12 and 13 are flowcharts that illustrate the operation of an embodiment of the present 
invention while the container is in an open mode; and 

Fig. 14 is a flowchart that illustrates additional aspects of the operation of an embodiment 
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of the present invention. 

DETAILED DESCRIPTION OF THE INVENTION 

Turning now to the drawings, Figs. 1 and 2 illustrate one embodiment of a container 
management system that may be constructed in accordance with the principles of the present 
invention, with a host computer 1 00 driving a video monitor 90 to display varying visual images and 
symbols, and a keyboard 98 that enables a user to manually enter information and commands into 
computer 100. A data cable 102 such as a serial cable, a parallel multi-lead cable, a small computer 
system interface (i.e. , a SCSI) cable, a universal serial bus (i.e. , a USB) cable, or one or more optical 
fibers, is coupled at one end into a conforming socket operationally connected to the motherboard 
of computer 100, and terminated at the opposite end by a plug 104 that may be removably inserted 
into a socket 128 that is operationally coupled, by for example, a ribbon cable 130 that provides a 
data bus, to a microprocessor based controller 120. Information received by controller from host 
computer 100 may be written into and read from a non-volatile memory 121 that is addressed by 
controller 120. 

A motion sensor 1 70 may be mounted either upon circuit bo ard 1 22 , or within container 110, 
to provide motion signals to controller 1 20 whenever sensor 1 70 detects movement of container 110. 
Senor 170 may be implemented with a spring loaded switch designed to provide motion signals that 
exhibit one logic state when container 110 is stationary upon a desktop, for example, with the 
juxtaposition of the container and the desktop holding the actuator of the switch depressed, and a 
second and different logic state when container 1 10 is lifted above the desktop and the actuator of 
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the switch is released. Alternatively, motion sensor 170 may detect changes in inertia and provide 
a motion signal to controller 120 whenever container 1 10 is in motion. 

A location sensor such as, by way of example, a global position satellite receiver stage 172 
and its antenna 174 mounted to extend externally to container 1 10, may be periodically polled by 
controller 120 to furnish a relatively accurate indication of the geographic location of container 1 10. 
Controller 120 may be programmed to refuse to deny access to container 1 10, by way of example, 
refusing to release an electro-mechanical latch whenever receiver stage 172 fails to indicate that 
container 1 10 is located at an assigned location. 

As illustrated in Fig. 2, the portable container 110 may be constructed with one or more 
sidewalls 1 12 forming an outer casement 109 closed at one end by a continuous bottom surface 116. 
An inner casement 1 1 8 for container 80 may be constructed with one or more sidewalls 84 jointed 
together and closed at one end by a continuous bottom surface 82. The upper rim 86 of container 
1 1 0 may be extended outward to engage the inner surfaces 88 and sidewalls 1 12, thereby providing 
a cavity 19 between the spaced apart sidewalls 84 and inner surfaces 88 that may be used to 
accommodate a circuit board 122, lead cable 130 and socket 128. An aperture 1 14 formed on one 
of the sidewalls 1 12 exposes socket 128 to an environment external to a container 110. A lid, or 
other panel 84 encloses both the inner and outer containers, once inner container 118 has been 
inserted between sidewalls 112 of outer container 70, and controls access to the interior of inner 
casement 80 and thus container 1 10. When panel 84 completely engages the sidewalls 1 12 of outer 
casement 109, access to the interior of container 110 may be utterly denied; when panel 84 is 
dislodged from this complete engagement however, full access may be permitted into the interior. 
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An electro-mechanical latch 163 operated by controller 120 may be mounted within container 
110 to restrict removal of access panel 84, and thereby preserve the unrestricted access to the 
contents of container 1 10 while panel 84 remains undisturbed in its complete engagement of lower 
container 70. Controller 120 regulates application of an electrical current to relay Rl to control 
whether the contact wiper of the switch S 1 component of relay Rl is opened or closed, and whether 
electrical current is applied to solenoid L 1 . In the absence of electrical current through solenoid LI , 
that is, when switch S 1 is in its electrically open state, a spring 167 may be used to bias the armature 
168 to extend axially outward along the central axis defined by the coil winding of solenoid LI, and 
engage the aperture 168 formed in a hasp 169 mounted on the underside of panel 84. When 
controller 120 directs relay Rl to close switch SI and apply an electrical current to the winding of 
solenoid LI, the armature of solenoid LI is withdrawn from aperture 168, as is shown in Fig. 1, to 
release hasp 169 and allow removal of panel 84. Optionally, in mechanical lock 162 such as a 
cylinder lock rotatably operated with a bitted key, may be mounted on the outer casement 70 at a 
location enabling lock 162 to engage lid 84 and thereby provide an additional degree of security 
when lock 162 is turned into its locked position. It should be noted that although circuit board 122 
is mounted upon one of the several sidewalk 84 of the inner casement 80, it is also feasible to mount 
circuit board 122 beneath floor 82, and between outer floor 1 16 and inner floor 82, or, alternatively, 
to distribute the components mounted upon circuit board 122 into various distinct and different 
locations within the container, and even upon a underside of access panel 84. 

Nominally, circuit board 122 may be powered directly by a power cord 50 with a jack 52 
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received within a socket 54 mounted upon circuit board 122. A power supply 56 coupled to socket 
54, may be used to rectify, filter, attenuate and distribute electrical power to rechargeable battery 58 
mo tinted upon circuit board 122, as well as to electro-mechanical latch 163, controller 120 and 
transceiver 136, alarm 162, motion sensor 170 and location sensor 172, among other elements 
supported by circuit board 122. 

\ Turning now to Figs. 3 through 8, communication between host computer 1 00 and controller 
120, or albsrnatively, a local computer 100 or a computer 101 sited at a remote location to which 
container 1 10 nhs been transported, maybe conducted in various modalities, depending upon which 
aperture within container 1 10 is serving as a port (e.g., an industry standard personal computer 
socket 128 (e.g., a serial port socket, a parallel port socket, a SCSI I or SCSI II socket, or a universal 
serial bus socket), infrared transmitter and receiver unit 154, radio or microwave length antenna 134, 
or global positioning satellite antema 174) to accommodate transmission of data signals between 
a host external to container 110, such a^computer 100, 101, and the controller 120 encased within 
container 1 1 0. A multi-lead data cable 1 02 tWinated by plug 1 04 may couple either a parallel port, 
a serial port, a small computer system interface pbrt, or universal serial bus port of computer 100 to 
bus 130 and controller 120 via socket 128. Alternath^ely, a data cable 150 coupled to an infrared 
transmitter 152 may communicate via line-of-site to infratai transmitter 154 that may be mounted 
in aperture 1 14, or within a different aperture, to receive communications from infrared transmitter 
152. Preferably, an infrared transmitter and infrared received unit 152 would be used to 
communicate with an infrared transmitter and infrared receiver unit 154 coupled to controller 120 
via data bus 150. Alternatively, computer 100 may drive radio frequency oimiicrowave transmitter 
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and receiver unit 106 via data cable 105, to propagate radio frequency or microwave signals via 
antenna 1 08 . Portable container 1 1 0 may be fitted with retractable antenna 1 34 to receive the radio 
frequency wave signals propagated from antenna 108, or alternatively, a microwave antenna to 
receive microwave signals. Antenna 134 may be coupled to controller 120 via transmitter and 
receiver unity 136. Consequently, and regardless of whether data cable 102 is simply a direct 
electrical or optical connection with an output port of computer 1 00, 1 0 1 , or a category 5 local area 
network, the conduction of transmission of data signals via port 128 is dependent upon the 
disposition of container 1 10 relative to the source (e.g., personal computer 110, 101) of the data 
signals. By way of example, if container 1 10 is moved away from the neighborhood of data cable 
102, the limited length bf data cable 102 will ultimately cause jack 104 to unplug from socket 128, 
thereby interrupting the conduction of transmission of data signals via port 128. Assuming that 
infrared transmitter and receiver unit 1 54 is serving as the port however, movement of container 1 1 0 
relative to host computer lflO, 101 to a location that would remove the line-of-sight alignment 
between infrared units 152, 154 will cause an interruption in the conduction of transmission of data 
signals via port 154. Should antenna 134 serve as the port for communications between computer 
100, 101 however, movement of Container 1 10 relative to computer 100, 101 to a location where 
either intervening electrical conductors, attenuation of signal strength due to distance, or removal 
of antenna 134 from the field of antenna 108 will cause an interruption in the conduction of 
transmission of data signals via port 13*. 

The interruption of the conduction of transmission of data signals via the selected port, or 
ports, provided by container 1 10 may be used, together with one or more schemes for transmission 
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1 of data signals (including transmission of a data key to authorize access to the interior of container 

2 1 10), as well as the content of the data signals transmitted, to restrict and control access to the 

3 interior of container 110. If, for example, antenna 174 is serving as the port accommodating 

4 conduction of transmission of data signals, movement of container 110 to a geographic location 
s outside of the authorized range of siting (e.g., assuming that the global positioning system has a 

6 range of ± 30 feet, movement of container 1 10 to a location more than thirty feet from the location 

7 authorized by computer 100 will be readily discernable by controller 120 from the position signal 

8 provided by GPS stage 1 72) is a factor that may be used by controller 1 20, in conjunction with host 
sjjff computer 100, in a scheme to control access to the interior of container 110. Accordingly, in 
ic|ij response to a request for access entered via keyboard 96 and transmitted by one, or more, of the ports 
iq 128, 134, 154, and 174 provided by container 1 10, controller makes a determination of whether to 
n grant the access requested by generating a control signal that allows lock 162 to release the access 
i|3 panel 84 on the basis of, inter alia, the disposition of the port relative to a source of the data signals, 
ljCr on the basis of the disposition of the container within a scheme for generation of the data signals, 
is" and in response to occurrence of a coincidence between a data key received by controller 1 20 among 
i6 the data signals via the port and a data sequence obtained by controller 120 in dependence upon the 
i 7 information stored within memory 121. 

is Interruption of communications between computer 100 and controller 120 mounted on, or 

19 within, container 1 10, regardless of whether the interruption of communication occurs by removal 

20 of plug 104 from socket 124, severance of data cable 102, movement of container 1 10 to prevent 

21 transmission of signals between infrared units 152, 154, or interference with or suppression of 
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signals between antennas 108, 134, may be used to trigger either alarm unit 160 driven directly by 
computer 100, or alarm 162 mounted on, or within container 110 and driven directly by controller 
120, or alternatively, by both alarm units 160, 162, to broadcast a sensible alarm indicating the 
interruption of communication. 

Although Fig. 1 shows container 1 10 fitted with separate data socket 128 and power socket 
54, these sockets may be combined into a single socket 128 receiving both electrical power and 
either optical or electrical signals from plug 104. Additionally, container 110 may be fitted with a 
keypad or other manually operable switches 180 to enable container 110 to communicate with 
controller 120 independently of keyboard 98 and computer 100. This may be useful, for example, 
to power-up controller 1 20 or alternatively, to initiate a transmission from controller 1 20 to computer 
100. Additionally, container 1 10 may be fitted with a visual or aural status indicator 182 such as a 
light-emitting diode that either flashes, is intermittently illuminated or is illuminated with different 
colors to indicate the status such as "no fault" or, no unauthorized movement or to indicate an 
unauthorized attempt to gain access to the contents of container 1 1 0. A touch memory port 1 84 may 
also be fitted into container 1 10 to enhance security, by way of example, to enable controller 120 to 
obtain a thumb print or a finger print from a prospective user and compare the print obtained via 
touch memory port 184 with a print of the prospective user that is stored in memory 124. 
Additionally, and as illustrated in Fig. 7, either or both host computer 100, or the computer 101 sited 
at the designation of container 110 may be operationally coupled to maintain communications with 
portable container 1 10 via line-of-sight infrared transmissions 55. A biometric scanner 188 may be 
connected to computer 100 as a peripheral unit to provide an enhanced degree of security, 
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particularly when used together with a magnetic or optical strip card reader 186. Together, biometric 
scanner 188, card reader 186 and keyboard 98 allow the input of the three items of security 
information from each prospective user of container 1 10 essential to a rigid security scheme, namely 
who the prospective user is (e.g., via biometric scanner 188), what the prospective user has 
possession of (e.g., namely an access card bearing a magnetic or optical strip confirming the 
authorization of the bearer to obtain access to the interior of container 1 1 0), and what the prospective 
user knows (e.g., a data key known to the prospective user that may be entered via keyboard 98). 
Authentication of these items of information by computer 100, 101, enables the computer to 
communicate with controller 120 borne by container 110 and authorize controller 120 to allow the 
user to gain access to the interior of container 1 10, as, for example, by energizing solenoid LI to 
release access panel 84. 

Fig. 8 illustrates an alternative implementation with a telephone, such as a handheld portable 
cellular telephone handset 190 that is in communication via its antenna 192 with a central office 
(CO) 196 via a cellular tower antennal94. Host computer 100 may either have an internal modem 
or be operationally coupled with lead 104 to an external modem 198, that is in turn coupled as a 
subscriber of the central office 196. This configuration enables the user of telephone 190 to control 
access to container 1 10 via host computer 100, even though the user and telephone 190 are located 
several miles away from the site of container 1 1 0 and host computer 1 00. The multifunction keypad 
19 1 of cellular telephone 190 serves the user as a substitute for keyboard 98, while the liquid crystal 
display screen 193 serves the user as a substitute for monitor 90, and permits the user to indirectly, 
and remotely enter information into controller 120 and to receive information from controller 120. 
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1 The system may be implemented with one or more portable containers 110, each having 

2 space for storage of valuables. Each portable container 1 10 has a locking mechanism 160 that is 

3 used to control access to the contents of the container. The locking mechanism 160 electro- 

4 mechanical in design and controlled by electronic circuitry mounted on circuit board 122 that is 
s located inside the portable container. The portable container electronic circuitry will respond to a 

6 communications link with an outside control point through the use of a communications port on the 

7 container. Access to the contents of the container is controlled through a verification scheme 

8 _ communicated between a control point device, which may be a personal computer 100, 101, and the 
9:5 portable container 110. 

3 ; : 

iqij Power for operation of the portable container electronic circuitry and electro -mechanical lock 

1 Q 160 will be normally supplied at the control point; however in one application, the power supply may 

12 be an auxiliary unit 58 that is contained within the container. Portable container 1 10 may be used 

O 

i|r; in a stationary mode where the container is connected to a personal computer 100 for the purpose 

3 I s 

i£= of communicating between the electronic logic circuits on circuit board 122 in the container locking 

15 mechanism and the software application used to control access to the container. The container 110 

16 maybe left in the open and unlocked condition while being used frequently and closed and locked 

17 when access is not required. The personal computer 100, 101 will have the ability through the 

18 hardware and software to detect the presence of the portable container and to determine its current 

19 state, that is, whether container 1 10 is open or whether container 1 10 is closed and operational its 

20 location as well as its contents are secure. 

21 In order for access to be made into a closed and locked container, the user will be required 
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to input certain personalized information into the personal computer 100, 101. The personal 
computer 100, 101 will verify this information and send the data signals including a data key 
necessary for the logic circuits of controller 120 mounted within container 1 10 to determine that a 
valid request to unlock had been received from an authorized individual. Controller 120 would then 
allow for the access requested by operating locking mechanism 163. One access per request from 
the personal computer may, in one embodiment, be allowed. 

Circuit board 122 inside the portable container 1 10 will store audit trail information into its 
internal memory 121 for each access request. This audit information is available to be extracted 
from memory 1 2 1 of the portable container 1 1 0 for future interrogation. The personal computer 1 00, 
101 or other control point will also store audit information for each access request and associated 
activity in its ongoing historical database. 

As indicated by Figs. 3 and 6, in the event it becomes necessary for container 110 to be 
transported to a different location, the container can be locked securely and transported. The 
contents of the portable container will be kept secure during the transportation of the container. 
Upon arrival at the desired destination, the container could then communicate with a secondary 
control point such as a local personal computer 101 that has, or is given (by the originating personal 
computer or by the user) the necessary data required to communicate with the container for the 
purpose of gaining access to the interior of container 1 10. 

The data key used to determine the validity of an access request may take the form of a digital 
password that is written to the container control logic of circuit board 122, or may be information 
that is unique to, or known by the user transporting the container. The portable container 
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authorization data may be transferred from the originating control point to the destination control 
point utilizing a network communications approach such as the Internet or by way of wireless 
communications. 

It is also a feature of the portable container system to utilize biometric data in the 
authorization process. Biometric data can associate the individual users requesting access to data 
that was communicated to the locking mechanism control circuitry at the point of origination when 
the container was secured for transport. 

Each portable container 110 may also be used in a roaming mode where authorization data 
is presented to the container control logic circuitry of controller 120 directly from the user. This 
information may be input through an optional multikey keypad 180 that is a component of the 
container or through a communications device such as a portable touch memory credential such as 
the multi-function key pad 1 9 1 of cell phone 1 90. This feature will allow the authorized user to have 
free access in locations remote from the origination control point. 

Access to the portable containers in the system may be geographic (as represented by global 
positioning satellite signals), time and date dependent in addition to the user or control point 
verifications. Features such as dual control (requiring more than one user to be verified) and time 
delay (a wait period after verification before locking mechanism 1 63 in container 1 1 0 allows access) 
are available. Additional features, such as mechanical locks 162 may be combined with the 
electronic access control in container 1 10 to further enhance the overall security of the container 
system. 

This advantageously enables one of the user's host computers 100 to communicate via data 
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cable 102 directly with the controller 120 within portable container 110, or alternatively, to 
communicate via a network such as a local area network coupled to the port provided by socket 128. 
As a further alternative, host computer 100 may communicate via data cable 104 with a radio 
frequency transmitter and receiver 106 that, in turn, can communicate via antenna 108 and a 
retractable antenna 134 mounted in one of the sidewalls 1 12 of container 1 10, with a transmitter and 
receiver 136 connected to provide signals to controller 120. As an additional alternative, host 
computer 100 may communicate via data cable 150 with an infrared transmitter and receiver 152 
that, in turn, can communicate via an infrared receiver and transmitter 154 mounted in one of the 
sidewalls 1 12, to controller 120. 

The foregoing paragraphs describe details of a container management system that 
advantageously provides a portable lock with an authentication component that may be time, date, 
geographic and person dependent, and that is in most configurations, stationary. Biometric data of 
authorized users may be stored and carried by the lock. Access to the container may be attained 
through use of personal keyboard in which the authentication may be based upon input from the 
computer keyboard, or any of several profile devices such as a retina that is a part of eyeball scan or 
a thumb print read by a scanner connected as a profile devices to the computer. This system provides 
a technique for sending authentication or authorization data to the remote destination of the portable 
container via either Internet or some other network communication, or for acquiring the 
authentication or authorization locally in dependence upon one or more of various possible 
combinations of geographic data such as signals received directly by controller 120 from global 
positioning satellite signals, personal data such as retina or thumb print of the individual seeking 
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access, and authorization data transmitted directly to or previously stored in a remote computer 
terminal 101. 

Turning now to Fig. 9, a portable box 1 10 is able to store valuables for removal or access by 
either the same by a different user. Access to the contents of box 1 10 is effected by change of state 
of movable element 400 as a result of an action by the decision control point 200. Control point 200 
is extended by variable data interface adaptor 300 so that control point 200 may receive data from, 
or send data to a variety of entry units 500. A changeable variable data interface adapter 300 may 
be removed and replaced without affecting the code stored in memory 202 of controller 200. Both 
the hardware and software configurations of changeable variable data interface adaptor 300 may 
allow different forms of entry units 500 to be used. Accordingly, entry of subsequent data may be 
transmitted through different forms of entry units 500, because adaptor 300 is both removable and 
interchangeable with other adaptors 300. Controller 200 includes an input/output stage 201, an 
operational memory 202, output stage 203, driving movable element 400, microprocessor 204 and 
clock 205. 

Storage container 1 10 allows storage of valuable contents and may allow, or deny access to 
the contents. Container 1 10 is portable, contains and safely transports controller 200, houses and 
also transports moving element 400, and contains, or partially contains, variable data interface 
adapter 300. Controller 200 stores code data in memory 202 for comparison to data received by 
container 110 via adaptor 300, while storing information for transmission via adaptor 300, to 
describe the event history and provide and audit trail about the use and movement of container 1 10. 
In essence, controller 200 regulates access to the contents of box 1 1 0 by controlling moving element 
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1 400, and allows access on the basis of data delivered via adaptor 300. Optionally, controller 200 

2 may make an access decision on the basis of the status of peripheral components of adaptor 300, and 

3 may optionally make access decisions based upon the status of clock 205. 

4 Variable data interface adaptor 300 may be replaced with a different type of adaptor, without 

5 affecting the data code stored in memory 202 . Additionally, adaptor may be changed to allow added 

6 features that allow communication with preferred customers via interface 500. Interface 300 may 

7 be part of either a modem, a cellular transceiver, an alarm monitoring interface, a communication 

8 interface (such as an RS232, universal serial bus, infrared bidirectional receiver and transmitter, or 
radio frequency transceiver), or global positioning satellite receiver. Gap AG manufactures a line 

01 

i<j~ of transceivers that are marketed under the HiConnex and HiConnex Easy product line that may be 

i |3 incorporated into interface 300; additionally, the Siemens M20 and M20 terminals may also be used 

n as the cellular engines of interface 300. 

O 

iffl Entry unit and user interface 500 is always removable. In some embodiments, connection 

1"U" 

ip between adaptor 300 and interface 500 may not require a physical connection. For example, infrared 

is* bidirectional transmission, cellular transmission and radio frequency transmission and reception 

16 avoid the necessity of a cable extending between adaptor 300 and interface 500. In particular 

n embodiments, interface 500 may be implemented with one or more of a card reader, keypad, 

is biometric scanning reader, modem, personal computer host, cellular telephone, handheld computer, 

19 personal computer network (either a local area or wide area network), an internet interface, a data 

20 entry device or a memory device. Multiple types of data entry interface units 500 may be used with 

21 the same container 110, depending upon configuration of adaptor 300. Data entry unit 500 is not a 
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permanent fixture of container 1 10 or controller 200. Entry unit 500 may deliver the status of 
container 1 1 0, as well as the location of the container to the user. Entry unit 500 may, in a particular 
embodiment, set the code data and criteria by which controller 200 acts on moving element 400. In 
the embodiment shown in Fig. 1 , solenoid LI may be used as movable element 400, to either engage, 
or release, hasp 169. 

Turning now to the operation of the various embodiments and modifications of those 
embodiments disclosed in the foregoing paragraphs, Fig. 10 is a flowchart describing the beginning 
of a communication session between the display input device and data coupled container to the point 
of a major function selection; Fig. 1 1 is a flowchart describing the major function from Fig. 10 of 
closing the container to secure contents or prevent items being placed in the container; Fig. 12 is a 
flowchart that is the first of two charts describing the major function from Fig. 10 of opening a 
container to gain access to container contents or interior; Fig. 13 is a flowchart that is the second of 
two charts describing the major function from Fig. 10 of opening a container to gain access to 
container contents or interior; and Fig. 14 is a flowchart describing the major functions from Fig. 10 
of retrieving event history and changing operational settings. 

In the following description, the reader will find use of the terms, coupled and de-coupled 
as a description of data connection and disconnection, respectively, between a container or group of 
containers and one or more graphical user interface / input units of the same or varying types. This 
coupling may occur across the room, a length of wire, an air gap or across the globe in accordance 
with the network methods used to accomplish the data coupling. It may include live high speed data 
connection or may take the form of Internet mail or message packets, through which the container 
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1 and the graphical user interface / input units exchange, data, settings, and exchange information. 

2 Turning to Figure 10, it may be seen that SI 00 determines if an input / graphical user 

3 interface device is currently data coupled to the containers variable data interface stage. SI 02 

4 instructs connection for serial or USB connections while SI 04 instructs for infrared or cellular 

5 interfaces. If the interface type is correct as in SI 06, it must be determined in SI 08 whether more 

6 than one container is connected to the display/input device at one time. If only one device is 

7 connected as in S 1 1 0 then the display will only indicate one coupled container along with its unique 
8^ ID and its current security status. The indication of the unique ID displayed by the graphical user 

interface/ input unit and the security status displayed are the result of communication between the 

3 J I 

iq^ micro-controller in the subject container and the micro-controller of the graphical user interface/ 

OS 

iQ input unit communicating via the Variable data interface scetion of the container circuitry and the 
i2_ communication interface of the graphical user interface/ input unit. In the event that there are more 
than one container coupled as in Yes to S 1 08 then the graphical user interface ( L e., : cell phone, PC 

PJ. 

M . , 

i jh , PDA or other ) will show each container and it s current status. At S 1 1 2, if the bolt position switch 

s 

is or series door position switch of a particular container indicates that the door is open then the status 

16 for that container is displayed as in S 1 1 6 as Not Secure . If at S 1 1 2, the status switch(es) indicate 

n the container is secure as in S 1 14, then that indication will appear on the currently coupled graphical 

is user interface/ input unit. SI 18 describes the users decision to change a container status If the user 

19 decision is no , then status on display will remain unchanged unless an event changes the status. In 

20 the event the user decides to change the status of a particular container he must select the container 

2 1 to change as in S 1 22 and thai as in S 1 24 select a major function or action of either open container 
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S126, close container SI 28, set parameters for the container SI 30 or retrieve history of the 
container as in SI 32. Once selection is made and confirmed SI 34 then the appropriate figure and 
flowchart may be followed. 

Turning now to Figure 1 1 , we see the flowchart which represents the selection S 1 28 close 
container . This action is for the purpose of securing contents stored in a container or preventing 
storage of items in a container by denying access to the contents. In the application where a container 
may be transportable and used in a courier application, it may be desirable to have the container 
locked when not used and in the courier companies inventory. This may help prevent inadvertent 
placement of contents in a box not currently slated for a particular customers use. 

S200 determines if the container is in a code-to-lock mode. If it is as in S206, then a code 
must be used to lock the container. This action results in activation of the latching mechanism in 
such a way to allow the container to be made secure. One could allow any code, such as the current 
code, to be entered to secure the container or require a fresh unused code to be entered. In any case, 
the entered code S206 becomes the next code required for opening of the container. S208 determines 
if the container is in the GPS ( global positioning system) mode. If the container is so equipped and 
in the GPS mode as in S2 10, then the global coordinates for one or more destinations where the 
container may be opened must be entered through the coupled graphical user interface. If the 
container is ready to secure as in S2 1 2, then it may be closed by the user S2 14. In the event the status 
shows that the container is not prepared to be secured S212 then the next code must be entered 
correctly starting the sequence again at S206. If S200 indicated that the container is in a mode other 
than code-to lock, Then it must be in normal mode S204 and the sequence begins at the entry of 
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S208 to determine if GPS mode is active for the selected container. Once the container is secured 
as in S2 14, then the status indication of the coupled graphical user such as may be provided by a 
cellular telephone, interface/input unit will indicate secure . If user desired activity is complete for 
this container then the coupled graphical user interface / input unit may be de-coupled and if physical 
connection is part of the data coupling process, the physical connected may be removed as described 
atS216. 

Observing now Figure 12, starting at SI 26 the reader will see that the major function of 
choice for the user is to open the container. S300 indicates by the way of information that one or 
more users at the same or different locations and one or more types of coupled graphical user 
interface / input units may be involved in this process. Determination if of data coupling is described 
in S304, while S306 describes use of serial or USB connections, while S308 describes Infrared and 
RF or cellular connection. S3 10 determines that the variable data interface of the container is of a 
type compatible with the coupled graphical user interface / input unit. By way of information S3 12 
indicates that the security status of the container shown on the coupled graphical user interface/input 
unit is secure. The indication of the unique ID displayed by the graphical user interface/ input unit 
and the security status displayed are the result of communication between the micro-controller in the 
subject container and the micro-controller of the graphical user interface/input unit communicating 
via the Variable data interface scetion of the container circuitry and the communication interface of 
the graphical user interface/ input unit. S3 14 determines if the container is in the normal mode. If 
the determination is yes then the user enters code as in S400. In the event that the container is in 
GPS mode S3 16 then it must be at the correct global coordinates to be opened S322. In the event it 
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1 is not at the correct coordinates S324, the container must be re-located to the correct coordinates.( 

2 location). If the container is in high security mode S3 1 8, then 1 part of the required opening code 

3 must be received by the container from the origin site S412 before the user enters the second code 

4 data sequence at S400 at the destination site. In the event that the first part from the origin site S4 12 

5 has not been received then the origin first code data must be requested across the network from the 

6 appropriate coupled origin source. In the event that the subject container is in the dual security mode 

7 as in S320, then two parts of a code must be entered into a coupled graphical user interface / input 
s unit at S420. This two part code may consist of live entry of a password as well as a data carrying 

& card credential or presentation of biometric data via a biometric reader to authenticate the user and 

ffi 

loji thus complete code entry described by S422. If container is not in dual security mode at S320, then 

iQ normal code entry at S400 permits the determination at S402. At S402 the micro controller reads 

p 

12^ its memory contents where the opening data is stored and compares that to the just entered codes 

lfH described in the frames between S3 14 and S402. If code matches and authentication is deemed 

ifh correct by the micro -controller, then the decision control point formed by the micro-controller, 

15 memory, clock and I/O will activate switch at S404 which in turn switches power to cause a moving 

16 element to change state at S408 thus allowing access to container interior and any contents therein, 
n This moving element may for example be a latch, bolt or cover which is released by a motor, 
is solenoid, bi-metal element, alloy element or other element capable of permitting access to the 

19 interior of the container. If user desired activity is complete for this container then the coupled 

20 graphical user interface/input unit may be de-coupled and if physical connection is part of the data 

21 coupling process, the physical connected may be removed as described at S406. 
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Observing now Figure 12, starting at SI 26 the reader will see that the major function of 
choice for the user is to retrieve history or set parameters . Determination if of data coupling is 
described in S500, while S504 describes use of serial or USB connections, while S506 describes 
Infrared and RF or cellular connection. S508 determines that the variable data interface of the 
container is of a type compatible with the coupled graphical user interface / input unit. By way of 
information S5 12 indicates that the security status of the container shown on the coupled graphical 
user interface/input unit is secure. The determination of this condition is the present state of input 
switches reflecting position of the latching mechanism and the container cover as read by the micro- 
controller as shown in S510. The indication of the unique ID displayed by the graphical user 
interface/ input unit and the security status displayed are the result of communication between the 
micro-controller in the subject container and the micro-controller of the graphical user interface/ 
input unit communicating via the Variable data interface scetion of the container circuitry and the 
communication interface of the graphical user interface/ input unit. A not secure condition may be 
indicated as shown in S5 16. If the user chooses to upload the history events as in S528 then this 
history will be communicated to the graphical user interface/input unit for display. If no history 
exists S532, none will be displayed and the session may be ended or another selection made as in 
S532. Any of the choices S126,S128,S130,S132 or de-coupling as in S216 may be chosen. If the 
user chooses to change the code as in S520 and the new code is entered as in S522 then the access 
codes required to open the container are new ones as in S526. If incorrect parameters are met or 
incorrect code entry is made then the old code data remains active as in S524. 
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